This is the tool used for my master thesis "Analysis of the Correctness of Qualcomm Hexagon Emulators and Decompilers via Differential Testing".
These are the versions of the emulators and the decompiler that were in use when the tool was run:

- hexagon-sim (in HEXAGON Tools 8.3.07)
- QEMU (Nov 1, 2021, commit hash 94ca4341)
- binja-hexagon (Oct 20, 2021, commit hash 31993a3a)
- emILator (commit hash ebd7ba26)
Make sure that the HEXAGON SDK, Binary Ninja and binja-hexagon are installed on your computer.

Get the submodules:

```sh
git submodule update --init --recursive
```

Apply qemu.patch and build (if the build does not work well, uncomment the docker-image-debian-hexagon-cross related part of the script):

```sh
cd src/qemu-docker/qemu
git apply ../qemu.patch
./build_qemu_hexagon_docker.sh
```

Run the docker image:

```sh
docker run -p9000:9000 rbtree/qemu-hexagon
```

Run src/test.py to run the differential tester.

You can specify the number of cores:

```sh
python3 test.py -c 4
```

You can specify the packet to test:

```sh
python3 test.py -t packet.json
```

where packet.json holds the instructions of one packet, for example:

```json
[
    "Rd=convert_sf2uw(Rs)",
    "nop",
    "nop",
    "nop"
]
```

Notes:

- src/common/template_asm.elf was built with hexagon-unknown-linux-musl-clang in the docker image.
- The port 9000 is hardcoded everywhere. If it is already in use, please search for 9000 and change it by hand.
- Also, the version of the HEXAGON SDK is hardcoded in src/Makefile. Please change it if you are using a different version.
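The following is an added example, not code from the thesis tool: it builds a packet.json in the shape shown above (a list of up to four instruction strings, padded with nop, since a Hexagon packet holds at most four instructions) and shows the comparison step a differential tester performs once every backend has executed the same packet. The backend names, the register names and the register values are constructed for illustration; the real tester's result format is not shown on this page and the values below are not real emulator output.

```python
"""Packet construction and result comparison for a packet-level differential test.

Added example, not part of the thesis tool.  The result format and the
sample values are assumptions made for illustration.
"""
import json
from collections import Counter
from typing import Dict, List, Optional

PACKET_SLOTS = 4  # a Hexagon packet holds at most four instructions
NOP = "nop"


def make_packet(instructions: List[str]) -> List[str]:
    """Return a full four-slot packet, padding the tail with nops."""
    if not 1 <= len(instructions) <= PACKET_SLOTS:
        raise ValueError(
            f"a packet holds 1 to {PACKET_SLOTS} instructions, got {len(instructions)}"
        )
    instructions = [insn.strip() for insn in instructions]
    if any(not insn for insn in instructions):
        raise ValueError("empty instruction in packet")
    return instructions + [NOP] * (PACKET_SLOTS - len(instructions))


def write_packet(path: str, instructions: List[str]) -> str:
    """Write the padded packet as JSON (the shape passed to test.py -t) and return the text."""
    text = json.dumps(make_packet(instructions), indent=4)
    with open(path, "w") as f:
        f.write(text + "\n")
    return text


RegisterState = Dict[str, int]  # register name -> value (assumed result format)


def diff_results(results: Dict[str, RegisterState]) -> Dict[str, Dict[str, Optional[int]]]:
    """Find registers on which the backends disagree.

    results maps backend name -> {register: value}.  A register missing from
    one backend is reported as None rather than skipped: a backend that does
    not model a register at all is itself a discrepancy worth seeing.
    """
    regs = set()
    for state in results.values():
        regs.update(state)
    disagreements = {}
    for reg in sorted(regs):
        values = {backend: state.get(reg) for backend, state in results.items()}
        if len(set(values.values())) > 1:
            disagreements[reg] = values
    return disagreements


def outliers(values: Dict[str, Optional[int]]) -> List[str]:
    """Backends whose value differs from the majority value.

    Without a strict majority (two backends, or an even split) every backend
    is returned, because the test cannot tell which side is wrong without a
    further reference implementation.
    """
    counts = Counter(values.values())
    top_value, top_count = counts.most_common(1)[0]
    if top_count * 2 <= len(values):
        return sorted(values)
    return sorted(backend for backend, value in values.items() if value != top_value)


# Constructed sample: three backends ran the same packet.  hexagon-sim and
# qemu agree on r0 and usr; binja-hexagon returns a different r0 and does
# not report usr at all.  These numbers are made up, not emulator output.
SAMPLE_RESULTS: Dict[str, RegisterState] = {
    "hexagon-sim":   {"r0": 0x00000000, "r1": 0xBF800000, "usr": 0x00000002},
    "qemu":          {"r0": 0x00000000, "r1": 0xBF800000, "usr": 0x00000002},
    "binja-hexagon": {"r0": 0xFFFFFFFF, "r1": 0xBF800000},
}


def report(results: Dict[str, RegisterState]) -> Dict[str, List[str]]:
    """Map each disputed register to the backends that break the majority."""
    return {reg: outliers(vals) for reg, vals in diff_results(results).items()}


if __name__ == "__main__":
    print(json.dumps(make_packet(["Rd=convert_sf2uw(Rs)"]), indent=4))
    for reg, suspects in report(SAMPLE_RESULTS).items():
        print(f"{reg}: backends disagree, suspect: {', '.join(suspects)}")
```

The majority vote only narrows down the suspect; with three backends one dissenter is flagged, but with two backends, or an even split, every backend is reported, and the disputed register still has to be checked against the architecture reference by hand.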